Ransomware Prevention Guide: What You Need to Know
Quote:

Ransomware Prevention: Definition, Forms, Management and More. Learn How You Can Prevent Ransomware and Keep Your Company Safe!

Every week, the cybersecurity news websites are full of ransomware attack stories – large and small companies become victims of malicious actors who want easy money at the expense of those who will lose data, money and time in return. But that is not all – it’s only a matter of time until ransomware attacks have death as a consequence, if the target is a medical facility or something similar. For this reason, today’s topic is ransomware prevention.

Let’s find out how you can stay safe and out of trouble! 

Ransomware Prevention Guide: Definitions

As per our Cybersecurity Glossary, ransomware can be defined as follows:
 
Quote: Ransomware is a type of malware (malicious software) that encrypts all the data on a PC or mobile device, blocking the data owner’s access to it. After the infection happens, the victim receives a message that tells him/her that a certain amount of money must be paid (usually in Bitcoins) in order to get the decryption key. Usually, there is also a time-limit for the ransom to be paid. There is no guarantee that if the victim pays the ransom, he/she will get the decryption key.

Ransomware prevention refers to the combination of practices, products and services used to avoid ransomware attacks. 

Ransomware Prevention Guide: How Ransomware Works

In general, a ransomware infection has multiple stages:
  • Infection – during this stage, the malware payload is delivered to the target. Very often, this involves a phishing attack with compromised attachments*. Next, the ransomware will act locally or will try to replicate itself to other computers of the network. 
  • Security key exchange  – after the initial phase, the malware communicates with the attackers to get the cryptographic keys that it needs to encrypt the victim’s data. 
  • Encryption – in this phase, the victim’s files are encrypted. The local disk might be affected first. 
  • Extortion – in this stage, the victim receives the ransom note. Recently, the ransom note might also contain a data exposure threat, because ransomware can also exfiltrate the data back to the attackers. 
  • Unlocking or recovery – in this final stage, the victim may either try to remove the malware infection and recover the encrypted data manually or he/she pays the ransom. What should not come as a surprise is the fact that the hackers are not always honourable – not everyone gets their files back after paying the ransom. 
*Other means through which ransomware infections spread are: vulnerable software, malicious website redirections, malicious code injections, malvertising campaigns, botnets.

Ransomware Prevention Guide: Forms of Ransomware

When it comes to forms of ransomware, there are countless examples. Let’s have a look at a few examples:

WannaCry Ransomware

As my colleague, Bianca, wrote, “Back in 2017, the WannaCry ransomware became one of the most devastating cyber-attacks ever seen. It swept the entire world, locking up critical systems all over the globe and infecting over 230,000 computers in more than 150 countries in just one day.” 

It is “a crypto-ransomware type”, encrypting “the data on a machine, making it impossible for the affected user to access it.”  

How does WannaCry ransomware work?
 
Quote: WannaCry behaved like a worm-type attack vector, being able to self-propagate on Windows devices. However, the fact that it was a worm was not the most significant thing about it. Instead, the methods it used to distribute itself were a concern, as they leveraged some critical Windows bugs that had been fixed by Microsoft two months before the outbreak. WannaCry used an exploit dubbed “EternalBlue”, which took advantage of a security vulnerability that allowed malicious code to propagate without the user’s consent across systems set up for file-sharing.

Epiq Ransomware

Epiq Ransomware represents a combination of attacks. It starts with a TrickBot infection, then, as BleepingComputer writes, 
 
Quote: Once TrickBot is installed, it will harvest various data, including passwords, files, and cookies, from a compromised computer and will then try to spread laterally throughout a network to gather more data. When done harvesting data on a network, TrickBot will open a reverse shell to the Ryuk operators. The Ryuk Actors will then have access to the infected computer and begin to perform reconnaissance of the network. After gaining administrator credentials, they will deploy the ransomware on the network’s devices using PowerShell Empire or PSExec. In Epiq Global’s case, Ryuk was deployed on their network on Saturday morning, February 29th, 2020, when the ransomware began encrypting files on infected computers.

You can find more details about Epiq Ransomware and Ryuk Ransomware in some of our previous articles, Epiq Ransomware – A Team Effort and Ryuk Ransomware – Untangling a Convoluted Malware Narrative
...
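
The stage list earlier in the quoted guide (encryption followed by extortion) can be turned into a simple detection rule. The sketch below is an added example, not part of the quoted article: the event format, host names, the 60-second window, the threshold of five files and the note-name keywords are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

# Assumed keywords that tend to appear in ransom-note file names.
NOTE_HINTS = ("decrypt", "recover", "ransom")

# Constructed file events: (epoch seconds, host, action, path).
SAMPLE_EVENTS = [
    (100, "ws01", "write", "C:/Users/a/report.docx"),
    (160, "ws01", "write", "C:/Users/a/notes.txt"),
    (400, "ws01", "write", "C:/Users/a/budget.xlsx"),
    # Benign file whose name happens to contain a keyword; no burst precedes it.
    (500, "ws01", "create", "C:/Users/a/data_recovery_plan.docx"),
    (1000, "ws02", "rename", "C:/Users/b/q1.xlsx.locked"),
    (1002, "ws02", "rename", "C:/Users/b/q2.xlsx.locked"),
    (1004, "ws02", "rename", "C:/Users/b/photo.jpg.locked"),
    (1006, "ws02", "rename", "C:/Users/b/cv.docx.locked"),
    (1008, "ws02", "rename", "C:/Users/b/plan.pptx.locked"),
    (1010, "ws02", "create", "C:/Users/b/HOW_TO_DECRYPT.txt"),
]

def detect(events, window=60, threshold=5):
    """Return (host, stage, timestamp) alerts for the encryption and extortion stages."""
    recent = defaultdict(deque)  # host -> (ts, path) of recent modifications
    burst_seen = {}              # host -> time the modification burst was flagged
    alerts = []
    for ts, host, action, path in sorted(events):
        name = path.rsplit("/", 1)[-1].lower()
        if action == "create" and any(h in name for h in NOTE_HINTS):
            # A note-like file only counts as extortion after a burst on that host.
            if host in burst_seen:
                alerts.append((host, "extortion", ts))
            continue
        if action in ("write", "rename"):
            q = recent[host]
            q.append((ts, path))
            while q and ts - q[0][0] > window:
                q.popleft()  # drop modifications older than the window
            if host not in burst_seen and len({p for _, p in q}) >= threshold:
                burst_seen[host] = ts
                alerts.append((host, "encryption", ts))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Requiring the burst before the note keeps a keyword match alone (the `data_recovery_plan.docx` event on `ws01`) from raising an alert.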